You are not logged in.
Pages: 1
CURRENT SYSTEM
Local Access
single user with sudo privileges
auto-login
auto-start a full-screen, Java-based, GUI application
user is not expected to interact with the desktop or any other software
Remote Access
local computer (on-site) establishes a reverse, port-forwarding ssh connection to a VPS
remote user (me) establishes a port-forwarding ssh connection to the VPS
VPS routes communication between the two end points
remote user opens vncviewer (tigervnc), points it at a local port (local to him), and tunnels it over ssh to the local computer, where it connects to localhost
This setup works well for me (as the only remote user). I can use it to troubleshoot the system and decide if I need to make a site visit.
NEW REQUIREMENTS
additional off-site users need to view GUI data but are not expected to interact with the system other than viewing different screens within the Java application
off-site users will (mostly) connect from Windows machines
actions by off-site users should not impact local operations
communication path will probably have carrier-grade NAT at both ends
PROPOSED SYSTEM
multiple-user environment, my account would be the only one with sudo privileges
auto-login the local user
auto-start a full-screen, Java-based, GUI application for the local user
establish wireguard vpn, rather than ssh
continue to route traffic through VPS, due to carrier-grade NAT
expose VNC server port only on the wireguard interface
allow remote users (after joining the wireguard network) to connect directly to the VNC port, using their vncpasswd
QUESTIONS
any major issues/concerns with this approach?
any suggestions for a better approach?
Cheers,
P.S. ewaller suggested "a headless sway session along with wayvnc configured for connection only through ssh" before he saw the contents of this post. I'll be looking into this.
"Before Enlightenment chop wood, carry water. After Enlightenment chop wood, carry water." -- Zen proverb
Offline
Pages: 1